
Add test for renego client_version quirk.

In upstream's f4e1169341ad1217e670387db5b0c12d680f95f4, the client_version was
made constant across renegotiations, even if the server negotiated a lower
version. NSS has the same quirk, reportedly for SChannel:

https://code.google.com/p/chromium/codesearch#chromium/src/net/third_party/nss/ssl/ssl3con.c&sq=package:chromium&l=5103

Add a test to ensure we do not regress this.

Change-Id: I214e062463c203b86a9bab00f8503442e1bf74fe
Reviewed-on: https://boringssl-review.googlesource.com/2405
Reviewed-by: Adam Langley <agl@google.com>
David Benjamin 10年前
committed by Adam Langley
c44b1df459
5個のファイルの変更24行の追加6行の削除
  1. +0
    -6
      ssl/s3_clnt.c
  2. +5
    -0
      ssl/test/runner/common.go
  3. +2
    -0
      ssl/test/runner/conn.go
  4. +7
    -0
      ssl/test/runner/handshake_server.go
  5. +10
    -0
      ssl/test/runner/runner.go

+ 0
- 6
ssl/s3_clnt.c ファイルの表示

@@ -717,14 +717,8 @@ int ssl3_send_client_hello(SSL *s)
* client_version in client hello and not resetting it to
* the negotiated version.
*/
#if 0
*(p++)=s->version>>8;
*(p++)=s->version&0xff;
s->client_version=s->version;
#else
*(p++)=s->client_version>>8;
*(p++)=s->client_version&0xff;
#endif

/* Random stuff */
memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);


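--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -577,6 +577,11 @@ type ProtocolBugs struct {
 // CertificateRequest message. None the less, the configured set will
 // still be enforced.
 NoSignatureAndHashes bool
+
+// RequireSameRenegoClientVersion, if true, causes the server
+// to require that all ClientHellos match in offered version
+// across a renego.
+RequireSameRenegoClientVersion bool
 }
 
 func (c *Config) serverInit() {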
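--- a/ssl/test/runner/conn.go
+++ b/ssl/test/runner/conn.go
@@ -58,6 +58,8 @@ type Conn struct {
 
 srtpProtectionProfile uint16
 
+clientVersion uint16
+
 // input/output
 in, out halfConn // in.Mutex < out.Mutex
 rawInput *block // raw input, right off the wire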
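Review bot: The new clientVersion field on Conn carries no comment, unlike the neighbouring fields, so what it records is only discoverable from the server handshake code, where readClientHello assigns it from hs.clientHello.vers after each ClientHello and treats zero as "no ClientHello read yet". Suggest `clientVersion uint16 // client_version offered in the last ClientHello read; 0 before the first one`. The Conn struct definition continues outside the hunk.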
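--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -162,6 +162,13 @@ func (hs *serverHandshakeState) readClientHello() (isResume bool, err error) {
 hs.clientHello = newClientHello
 }
 
+if config.Bugs.RequireSameRenegoClientVersion && c.clientVersion != 0 {
+if c.clientVersion != hs.clientHello.vers {
+return false, fmt.Errorf("tls: client offered different version on renego")
+}
+}
+c.clientVersion = hs.clientHello.vers
+
 c.vers, ok = config.mutualVersion(hs.clientHello.vers)
 if !ok {
 c.sendAlert(alertProtocolVersion)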
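Review bot: The two nested ifs at the top of the added block fold into a single guard, `if config.Bugs.RequireSameRenegoClientVersion && c.clientVersion != 0 && c.clientVersion != hs.clientHello.vers {`, which keeps the happy path flat and reads like the single-condition checks around it. The `c.clientVersion != 0` test is the only thing marking the first handshake as exempt; that is sound because no TLS version encodes as zero, but a short comment such as `// Zero means no earlier ClientHello on this connection, i.e. not a renego.` would make the intent explicit rather than implied. Note that this failure is reported as a plain error while the version-negotiation failure a few lines below sends alertProtocolVersion first; if the runner's convention is that ProtocolBugs checks return errors without an alert that is fine, otherwise the two paths should agree. readClientHello begins and ends outside the hunk.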
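--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -2109,6 +2109,16 @@ func addRenegotiationTests() {
 },
 renegotiateCiphers: []uint16{TLS_RSA_WITH_RC4_128_SHA},
 })
+testCases = append(testCases, testCase{
+name: "Renegotiate-SameClientVersion",
+renegotiate: true,
+config: Config{
+MaxVersion: VersionTLS10,
+Bugs: ProtocolBugs{
+RequireSameRenegoClientVersion: true,
+},
+},
+})
 }
 
 func addDTLSReplayTests() {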
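Review bot: The new Renegotiate-SameClientVersion case only exercises the quirk because `MaxVersion: VersionTLS10` is below the client's maximum; that is what makes a renegotiation ClientHello which echoes the negotiated version differ from the original one and trip RequireSameRenegoClientVersion. Nothing in the case says so, and if the client under test were ever capped at TLS 1.0 the test would pass vacuously. Suggest a comment above the `testCases = append(...)` line: `// MaxVersion is kept below the client's maximum so the renegotiation ClientHello must repeat the original client_version, not the negotiated one (see s3_clnt.c).` addRenegotiationTests begins outside the hunk.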